
#if 1 // use-after-free(释放后访问) - 堆内存非法访问

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
int main(void)
{
    char* str = (char*)calloc(8, sizeof(char));
    strcpy(str, "1234567");
    free(str);
    printf("%s\r\n", str);
    return 0;
}

#elif 0 // use-after-free(释放后访问) - 栈内存非法访问

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
int main(void)
{
    char* str = NULL;
    {
        char str2[] = "12345678";
        str = str2;
    }
    printf("%s\r\n", str);
    return 0;
}

#elif 0 // memory leaks - 内存泄露

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
int main(void)
{
    char* str = (char*)calloc(8, sizeof(char));
    strcpy(str, "1234567");
    printf("%s\r\n", str);
    // free(str); // 忘记free()
    return 0;
}

#elif 0 // buffer-overflow(越界访问) - 堆内存越界访问

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
int main(void)
{
    char* str = (char*)calloc(8, sizeof(char));
    strcpy(str, "123456789"); // 越界访问
    printf("%s\r\n", str);
    free(str);
    return 0;
}

#elif 0 // buffer-overflow(越界访问) - 栈内存越界访问

#include <stdio.h>
int main(void)
{
    char str[8] = "12345678"; // 字符串缺少0结尾
    printf("%s\r\n", str); // 打印时出现越界访问
    return 0;
}

#endif
